Merge pull request #107 from Snorlock/bearer-verification

token.go: did some changes to the checks
Dave Grijalva 2016-02-09 11:43:28 -08:00
commit f2193411bd
2 changed files with 4 additions and 1 deletions


@ -26,6 +26,9 @@ func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) {
// parse Header
var headerBytes []byte
if headerBytes, err = DecodeSegment(parts[0]); err != nil {
if strings.HasPrefix(strings.ToLower(tokenString), "bearer ") {
return token, &ValidationError{err: "tokenstring should not contain 'bearer '", Errors: ValidationErrorMalformed}
}
return token, &ValidationError{err: err.Error(), Errors: ValidationErrorMalformed}
}
if err = json.Unmarshal(headerBytes, &token.Header); err != nil {
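Review bot: The added prefix check lowercases the whole of `tokenString` to compare seven bytes, on an error path that any caller can reach with malformed input. `if len(tokenString) >= 7 && strings.EqualFold(tokenString[:7], "bearer ") {` makes the same comparison without copying the token. The returned message is a fixed string that does not echo the token, and it should stay that way. Parse starts and ends outside this hunk.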


@ -96,7 +96,7 @@ func ParseFromRequest(req *http.Request, keyFunc Keyfunc) (token *Token, err err
// Look for an Authorization header
if ah := req.Header.Get("Authorization"); ah != "" {
// Should be a bearer token
if len(ah) > 6 && strings.ToUpper(ah[0:6]) == "BEARER" {
if len(ah) > 6 && strings.ToUpper(ah[0:7]) == "BEARER " {
return Parse(ah[7:], keyFunc)
}
}
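Review bot: The guard `len(ah) > 6` next to the slice `ah[0:7]` is correct but reads like an off-by-one. Assuming the `ah[0:7]` line is the new side, `if len(ah) >= 7 && strings.EqualFold(ah[:7], "bearer ") {` states the bound directly and avoids the ToUpper copy. `ah[7:]` is handed to Parse untrimmed, so a header with extra spaces after the scheme or trailing whitespace would presumably fail segment decoding. That fails closed, and `strings.TrimSpace(ah[7:])` would accept such headers if that is wanted. ParseFromRequest continues outside the hunk.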